Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementation Of XML DIGITAL SIGNATURES Using Microsoft.NET.

Published byMoses Thomas Modified over 8 years ago

Similar presentations

Presentation on theme: "Implementation Of XML DIGITAL SIGNATURES Using Microsoft.NET."— Presentation transcript:

1 Implementation Of XML DIGITAL SIGNATURES Using Microsoft.NET

2 PRESENTED BY : NANIDITA SRIVASTAVA NEEHARIKA KOLLA MOUNIKA VALLABHANENI

3 MAIN FOCUS OF THE PROJECT: 1.Feature of XML digital signatures 2.XML documents and XML digital signatures in brief. 3.Creation of windows based application using.NET & C# 4.Application lets user encode and sign specific parts of an XML file. 5.Presenting 3 test cases where user changes the or the key…….and verification produces invalid results

4 Digital Signatures A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document.

5 XML Digital Signatures Digital signatures designed for use in XML transactions. Joint effort between the World Wide Web Consortium (W3C) and Internet Engineering Task Force (IETF) Similarities and Differences with Standard Digital Signatures Similarities Authentication Data integrity Support for non-repudiation Differences Support for Web based nature of todays transactions

6 What is XML <CompanyA> Sample 3 Sample 3 <BusinessAssociate> Marvin P. Mooney Marvin P. Mooney Vice President of Drilling Operations Vice President of Drilling Operations </BusinessAssociate><LegalDescription> 50 50 </CompanyA> XML is a markup language for documents containing structured information. XML was created so that richly structured documents could be used over the web. The only viable alternatives, HTML as it comes bound with a set of semantics and does not provide arbitrary structure. A sample XML document

7 Why XML is important (Use in Web Services) Web services are application programming interfaces (API) that can be accessed over a network, such as the Internet, and executed on a remote system. Generic Web Service Architecture

8 Use of XML Digital Signatures in Web Services Non-repudiation and integrity assume alarming dimensions in a web service-driven world. Suppose that a confidential XML document is populated by services A and B, and is passed on to service E by C and D. To make things worse, let's assume that these services are provided by different systems/vendors across the Net! Now, how can the end consumer service E ensure the authenticity of the sender services A and B? What guarantee does it have that the XML data passed on from A and B has not been modified during the transit or by other malicious services? With hacking becoming a common phenomenon on the Internet, it is quite possible that unauthorized services will come to life all of a sudden from the network and start consuming confidential business data. How can we make sure that the sender services A and B take full responsibility for what is contained in the XML document? Non-repudiation and integrity assume alarming dimensions in a web service-driven world. Suppose that a confidential XML document is populated by services A and B, and is passed on to service E by C and D. To make things worse, let's assume that these services are provided by different systems/vendors across the Net! Now, how can the end consumer service E ensure the authenticity of the sender services A and B? What guarantee does it have that the XML data passed on from A and B has not been modified during the transit or by other malicious services? With hacking becoming a common phenomenon on the Internet, it is quite possible that unauthorized services will come to life all of a sudden from the network and start consuming confidential business data. How can we make sure that the sender services A and B take full responsibility for what is contained in the XML document? Example

9 The Components of an XML Signature

10 An XML signature can sign more than one type of resource. For example, a single XML signature might cover character-encoded data (HTML), binary-encoded data (a JPG), XML-encoded data, and a specific section of an XML file. Determine which resources are to be signed. This will take the form of identifying the resources through a Uniform Resource Identifier (URI). "http://www.abccompany.com/index.html" would reference an HTML page on the Web "http://www.abccompany.com/logo.gif" would reference a GIF image on the Web. Calculate the digest of each resource. Create Reference element DigestValue element DigestMethod element Collect the Reference elements. Create SignedInfo element CanonicalizationMethod SignatureMethod XML Digital Signatures XML Digital Signatures Steps to create XML Digital Signatures Steps to create XML Digital Signatures

11 Signing SignatureValue element. Add key information KeyInfo element Enclose in a Signature element Signature element Steps to create XML Digital Signatures Steps to verify XML Digital Signatures Recalculate the digest of the element (using the digest algorithm specified in the element) and use the public verification key to verify that the value of the element is correct for the digest of the element. If this step passes, recalculate the digests of the references contained within the element and compare them to the digest values expressed in each element's corresponding element.

12 Concepts central to XML Digital Signature Specifications X-PATH Transforms Specifies which content is to be signed. Evaluates Expressions to filter out the nodes. Example child::* In our project Refence.AddTransform(CreateXPathTransform("ancestor-or-self::CompanyA")) Cannonicalization Important to take care of formatting differences between two logically similar documents. The canonicalization algorithm used normally changes the character encding to UTF-8,Change the line breaks to #Xa etc. In our project SignedXml.XmlDsigCanonicalizationUrl field specifies this Types of XML digital Signatures Enveloped Enveloping Detached

13 .Net Implementation of XML Digital Signatures The System.Security.Cryptography namespace in.NET provides cryptographic services, including secure encoding and decoding of data, as well as many other operations, such as hashing, random number generation, and message authentication. The hierarchy of the classes found in the framework are as follows Algorithm type classes (Abstract) SymmetricAlgorithm or HashAlgorithm Abstract classes Algorithm class (Abstract) Inherits from an algorithm type class RC2 or SHA1 Abstract Implementation of an algorithm class These inherits from an algorithm class RC2CryptoServiceProvider or SHA1 Managed Fully implemented

14 DESCryptoServiceProvider for Encryption-Implements Data Encryption Standard (DES) algorithm used in CBC mode RSACryptoServiceProvider for Signing -Implements RSA algorithm Crypto Service Providers used in our project Project Implementation Windows based application (C# ) User selects an XML file Application encodes and Signs the file Application can decode and Verify the Signature Key Creation Use of sn.exe utility Created key stored in an XML file Decryption Create a crypto key from an XML file

15 Code Snippet XmlDocument xmldoc=new XmlDocument(); xmldoc.LoadXml(xml); // Get the key pair from the key store. CspParameters parms=new CspParameters(1);// PROV_RSA_FULL parms.Flags=CspProviderFlags.UseMachineKeyStore;// Use Machine store parms.KeyContainerName=keyContainerName;parms.KeyNumber=2; RSACryptoServiceProvider csp=new RSACryptoServiceProvider(parms); // Creating the XML signing object. SignedXml sxml=new SignedXml(xmldoc); sxml.SigningKey=csp; // Set the canonicalization method for the document. sxml.SignedInfo.CanonicalizationMethod=SignedXml.XmlDsigCanonicalizationUrl; // No comments. // Create an empty reference (not enveloped) for the XPath transformation. Reference r=new Reference(""); r.AddTransform(CreateXPathTransform("ancestor-or-self::CompanyA"));sxml.AddReference(r); // Add the reference to the SignedXml object. sxml.AddReference(r); // Compute the signature. sxml.ComputeSignature(); // Get the signature XML and add it to the document element. XmlElement sig=sxml.GetXml(); XmlElement sig=sxml.GetXml();xmldoc.DocumentElement.AppendChild(sig); // Write-out formatted signed XML. StringBuilder sb=new StringBuilder(); StringWriter tw=new StringWriter(sb); XmlTextWriter writer=new XmlTextWriter(tw); writer.Formatting=Formatting.Indented;

16

17 DEMO Thanks

Download ppt "Implementation Of XML DIGITAL SIGNATURES Using Microsoft.NET."

Similar presentations

XML DIGITAL SIGNATURE ASIM REHMAN YURI ALEGRIA. Introduction What is a digital signature Digital signature provides a mechanism for assuring integrity.

XML DIGITAL SIGNATURE ASIM REHMAN YURI ALEGRIA. Introduction What is a digital signature Digital signature provides a mechanism for assuring integrity.
Web Service Security CS409 Application Services Even Semester 2007.

Web Service Security CS409 Application Services Even Semester 2007.
XML Encryption Prabath Siriwardena Director, Security Architecture.

XML Encryption Prabath Siriwardena Director, Security Architecture.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Making VLAB Secure Javier I. Roman. What is VLAB?  An interdisciplinary consortium dedicated to the development and promotion of the theory of planetary.

Making VLAB Secure Javier I. Roman. What is VLAB?  An interdisciplinary consortium dedicated to the development and promotion of the theory of planetary.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Chapter 3 Encryption Algorithms & Systems (Part C)

Chapter 3 Encryption Algorithms & Systems (Part C)
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Web services security I

Web services security I
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.

Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Similar presentations

Ads by Google